Forum Discussion
RE: KQL query for event types per table used by Microsoft Sentinel (and connected Data Connectors)
So with a base KQL query of:
union withsource= table *
...is there a way to query each table in Microsoft Sentinel and identify each EVENT type used within it?
So listed as...
Table 1...
...event type 1 (count)
...event type 2 (count)
Table 2...
...event type 1 (count)
...event type 2 (count)
etc...
1 Reply
- By "Event Type" are you referring to the EventID or something else? Maybe just a count of rows in each Table? A screenshot of teh data you are referring to would help. Thanks
